TechRadar
Sead Fadilpašić

Zoom patches critical security flaws across its Windows apps — update now to stay safe

Zoom has fixed a major vulnerability in its Windows apps that allowed threat actors to escalate privileges remotely.

The company’s offensive team recently found an improper input validation flaw in Zoom Desktop Client for Windows before version 5.16.5, Zoom VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12), Zoom Rooms Client for Windows before version 5.17.0, and Zoom Meeting SDK for Windows before version 5.16.5.

The flaw is tracked as CVE-2024-24691 and carries a CVSS severity score of 9.6 (critical).

Patching the flaws

Although the company did not detail the flaw, the publication speculates, citing the CVSS vector, that it requires some level of victim interaction in order to be abused. Based on common attack patterns, this interaction could involve clicking a link, opening a malware-laden email attachment, or something similar.

Zoom has an automatic updater, so the next time you bring up the app, it should update on its own. For those who have disabled automatic updates, here’s a link where you can find version 5.17.7 for Windows.

In the same advisory, Zoom also announced that it had addressed six additional vulnerabilities, including one that allows privilege escalation through local access, three that allow information disclosure remotely, and one that allows denial of service over the network.

The company advises users to apply the patch as soon as possible to protect their endpoints.
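For administrators who want to confirm a Windows endpoint actually received the fix rather than trusting the auto-updater, the following PowerShell check compares an installed Zoom build against the fixed-in versions listed above. This is an added example, not Zoom's tooling; it assumes the Desktop Client's usual per-user install path (adjust `-ExePath` for machine-wide installs, and pass `-Product VDI`, `Rooms` or `MeetingSDK` with a version you have read from those products yourself).

```powershell
# Fixed-in versions from the advisory, per product (CVE-2024-24691).
$Fixed = @{
    'Desktop'    = [version]'5.16.5'
    'VDI'        = [version]'5.16.10'
    'Rooms'      = [version]'5.17.0'
    'MeetingSDK' = [version]'5.16.5'
}
# VDI builds the advisory lists as already patched despite being below 5.16.10.
$VdiExceptions = @([version]'5.14.14', [version]'5.15.12')

function Test-ZoomVulnerable {
    param(
        [Parameter(Mandatory)][ValidateSet('Desktop','VDI','Rooms','MeetingSDK')]
        [string]$Product,
        [Parameter(Mandatory)][version]$Installed
    )
    # Excluded VDI builds are patched even though they sort below the threshold.
    if ($Product -eq 'VDI' -and $VdiExceptions -contains $Installed) { return $false }
    return $Installed -lt $Fixed[$Product]
}

function Get-ZoomDesktopStatus {
    # Assumed default per-user location of the Desktop Client binary.
    param([string]$ExePath = (Join-Path $env:APPDATA 'Zoom\bin\Zoom.exe'))
    if (-not (Test-Path $ExePath)) {
        return [pscustomobject]@{ Path = $ExePath; Installed = $null; Vulnerable = $null; Note = 'Zoom.exe not found' }
    }
    # Read the product version embedded in the executable's version resource.
    $raw = (Get-Item $ExePath).VersionInfo.ProductVersion
    # Keep only the leading dotted numeric part, e.g. "5.16.2 (12345)" -> "5.16.2".
    $m = [regex]::Match($raw, '^\d+(\.\d+){1,3}')
    if (-not $m.Success) {
        return [pscustomobject]@{ Path = $ExePath; Installed = $raw; Vulnerable = $null; Note = 'Unparseable version string' }
    }
    $ver = [version]$m.Value
    [pscustomobject]@{
        Path       = $ExePath
        Installed  = $ver
        Vulnerable = Test-ZoomVulnerable -Product Desktop -Installed $ver
        Note       = "Desktop Client fixed in $($Fixed['Desktop']) or later"
    }
}

Get-ZoomDesktopStatus | Format-List
```

A `Vulnerable` value of `True` means the build predates the fix and should be updated before the endpoint is returned to service.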

Zoom is a popular cloud-based video conferencing service which companies often use to run remote meetings and calls, education, demonstrations, and similar. It rose to prominence during the Covid-19 pandemic, quickly becoming the most-used application in the world. At one point, it had 300 million daily meeting users.

This popularity also attracted plenty of hackers who saw it as an opportunity to steal sensitive company data, putting the spotlight on patches and quick fixes.

Via BleepingComputer
